From 04fa95a5bed668faeb56e219904afe8c84c8b3c3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Mar 2025 10:29:46 +0000 Subject: [PATCH 1/2] Bump sigstore/cosign-installer from 3.7.0 to 3.8.1 Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.7.0 to 3.8.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v3.7.0...v3.8.1) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index d120242..b3b0e40 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -39,7 +39,7 @@ jobs: # https://github.com/sigstore/cosign-installer - name: Install cosign if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@v3.7.0 + uses: sigstore/cosign-installer@v3.8.1 with: cosign-release: 'v2.4.1' From 36e90b55e145310d231d108b8c48de4cc875388e Mon Sep 17 00:00:00 2001 From: Matthias Kesler Date: Wed, 5 Mar 2025 14:15:49 +0100 Subject: [PATCH 2/2] Update cosign version accordingly --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index b3b0e40..6152760 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -41,7 +41,7 @@ jobs: if: github.event_name != 'pull_request' uses: sigstore/cosign-installer@v3.8.1 with: - cosign-release: 'v2.4.1' + cosign-release: 'v2.4.3' # Workaround: https://github.com/docker/build-push-action/issues/461 - name: Setup Docker buildx